
Help please...Anyone know about spyware!?

jd_uk

New member
I installed MSN plus 3 on my comp which also seemed to install spyware. Now I have all these 'search toolbars' that direct me to mysearchnow.com within my browser and more pop-ups, and it's making it difficult to load any sites.

I downloaded 'Hijack this' (spyware detection program) and ran a scan... below are the results of the scan... what files should I delete to get rid of this?

Thanks.

Logfile of HijackThis v1.98.0
Scan saved at 23:13:38, on 12/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\idol help mix\Typewmasoap.exe
C:\WINDOWS\System32\ctfmon.exe
C:\program files\Norton Utilities\SYSDOC32.EXE
C:\program files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\prddmm.exe
C:\program files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\program files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ntl:home
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PingHole - {781A0BFE-3832-EA7A-6736-E4B90D49E357} - C:\PROGRA~1\AXISSI~1\Trustactive.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-gb\msntb.dll (file missing)
O3 - Toolbar: License Slow Setup - {978B83A1-8076-075D-B654-6B80A3C2BDFB} - C:\PROGRA~1\AXISSI~1\Trustactive.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAZAA] C:\program files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [16window] C:\PROGRA~1\idol help mix\Typewmasoap.exe
O4 - HKLM\..\Run: [prddmm] C:\WINDOWS\System32\prddmm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BigFix.lnk = C:\program files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\program files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\program files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\program files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix-eu.com/viewers/ipixx.cab
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Gareth\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88541482-111D-4919-8A5F-5F5033F6C089}: NameServer = 194.168.4.100 194.168.8.100
 
hijack this is a little too complicated for the average spyware hunter.

do yourself a favor and download:
ad aware
pest patrol
spybot
popupcop
also choose to override automatic cookie handling in your internet explorer tools/internet options/privacy/advanced settings. You will have to manually choose what cookies get set in your system for each website you go to but it's worth it
 
Burning_Inside said:
hijack this is a little too complicated for the average spyware hunter.

do yourself a favor and download:
ad aware
pest patrol
spybot
popupcop
also choose to override automatic cookie handling in your internet explorer tools/internet options/privacy/advanced settings. You will have to manually choose what cookies get set in your system for each website you go to but it's worth it


I downloaded ad aware and it doesn't get rid of it. It says something like 4 objects could not be removed and the search bar and pop ups remain on the browser redirecting me to this site mysearchnow.com all the time.

There must be some file in the registry somewhere which I have to delete?

Thanks for the reply.
 
Code said:
Umm, try a more technical board.


Well yeah, I might have to but that will require signing up to a new forum. Like I said it takes ages (about 5 attempts) to get a single page to load.

A lot of people seem to work with computers so I thought there's a decent chance someone will have a good idea.
 
Download Ad-Aware by Lavasoft.

It's all you'll need to clean that shit up. If it doesn't work the first time, try again tomorrow, and always be sure to check for updates... they come out almost daily to keep on top of this stuff.
 
jd_uk said:
I downloaded ad aware and it doesn't get rid of it. It says something like 4 objects could not be removed and the search bar and pop ups remain on the browser redirecting me to this site mysearchnow.com all the time.

There must be some file in the registry somewhere which I have to delete?

Thanks for the reply.

The 4 objects can't be removed probably because XP uses them at boot-up. Try booting into "safe mode" and then run the AD-AWARE program again.
Also, try using "Spybot". I use it in conjunction with AD-AWARE.
Good luck.
 
Go here and download CWshredder

http://www.spywareinfo.com/~merijn/downloads.html

Install it, update it, change your home page to whatever you want it set to (I assume your home page has changed), close all browser windows, run "fix it", when it's done, restart your pc, run shredder again. If it keeps finding stuff, keep running shredder and restarting. Once it tells you it's clean, then you're all set.
 
Or go to run>msconfig> and then to the startup tab. Look for strange or unfamiliar programs, such as the mysearchnow program and so on, and uncheck them to be run at startup, then run adaware.
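
The startup check suggested above covers the same autostart entries that the HijackThis log in the first post lists under O4. As an added example (not written by anyone in this thread), the Python below parses a few lines copied from that log and pulls out the startup items, the start-page value pointing at mysearchnow.com, and entries marked "(file missing)"; the function names are made up for illustration.

```python
import re

# A subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.yahoo.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-gb\msntb.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: BigFix.lnk = C:\program files\BigFix\BigFix.exe
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")               # section code, rest of line
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")      # registry Run-style keys
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")   # Startup folder shortcuts

def parse_entries(log):
    """Return (section_code, body) for every R*/O* line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def startup_items(entries):
    """O4 lines as (location, name, command): what the msconfig Startup tab shows."""
    items = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN.match(body)
        if m:
            items.append((f"{m.group(1)} {m.group(2)}", m.group(3), m.group(4)))
            continue
        m = STARTUP.match(body)
        if m:
            items.append((m.group(1), m.group(2), m.group(3)))
    return items

def page_redirects(entries, domain):
    """R* lines (IE start/search page values) that mention the given domain."""
    return [body for code, body in entries
            if code.startswith("R") and domain.lower() in body.lower()]

def missing_files(entries):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    return [(code, body) for code, body in entries if body.endswith("(file missing)")]
```

Run over the full log, `startup_items` gives the list to compare against what you knowingly installed before unchecking anything.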
 